Latte CRM – Privacy Policy

Last updated: January 27, 2026

This Privacy Policy explains how Latte CRM (“we”, “us”, “Provider”) handles personal data in connection with Latte, a self-hosted CRM system.

Latte is not a SaaS product. We do not host your data.

1. Core principle (read this first)

Your data stays on your infrastructure.
We do not collect, store, or process your CRM data.

This policy is intentionally short because our access to personal data is intentionally limited.

2. What data we do NOT collect

We do not collect or access:

customer records stored in Latte
contacts, accounts, opportunities, or tasks
CRM usage data
analytics from inside your Latte instance
IP addresses of your CRM users
end-user activity logs

All CRM data is stored only on infrastructure you control.

3. What data we MAY collect (limited, explicit)

We may collect minimal personal data only when you voluntarily provide it, such as:

3.1 Sales & communication

Name
Business email address
Company name
Role / title

Collected when you:

request a demo
contact us by email
discuss licensing or services

Purpose:

responding to inquiries
providing demos
invoicing and commercial communication

3.2 Billing & contractual data

If you purchase a license or services, we may process:

billing contact details
invoice-related information

We do not store payment card data ourselves.

4. Support access (only if you ask)

We may access your Latte environment only if:

you explicitly request support, and
you provide access credentials or data, and
access is limited to the scope required

We do not access customer data without permission.

5. Cookies & website analytics

Our website may use:

essential cookies (for basic functionality)
minimal analytics (if any)

We do not use:

tracking pixels
behavioral profiling
advertising cookies

If analytics are used, they are limited and privacy-focused.

6. Data retention

Sales and contact data is retained only as long as necessary for legitimate business purposes.
You may request deletion of your personal data at any time unless retention is legally required.

7. Data sharing

We do not sell or rent personal data.

We may share limited data only with:

accounting providers
legal advisors
payment processors

…strictly for operational and legal purposes.

8. International data transfers

Personal data may be processed in jurisdictions where we or our service providers operate.

We take reasonable steps to ensure appropriate safeguards are in place.

9. Your rights

Depending on your jurisdiction, you may have the right to:

access your personal data
correct inaccurate data
request deletion
object to processing
withdraw consent

Requests can be sent to the contact address below.

10. Security

While Latte data security is the responsibility of the Customer (as the hosting party), we take reasonable measures to protect any personal data we process in our own systems.

11. Changes to this policy

We may update this Privacy Policy from time to time.
Material changes will be reflected by updating the “Last updated” date.

12. Contact

For privacy-related questions or requests:

Latte CRM
[Email Address]